[Django] #12616: dev server should not override directory listing of static media
0 views
Skip to first unread message
Django
Jan 14, 2010, 10:37:32 PM1/14/10
to djang...@holovaty.com, django-...@googlegroups.com
#12616: dev server should not override directory listing of static media
----------------------------+-----------------------------------------------
Reporter: ahebert | Owner: nobody
Status: new | Milestone:
Component: Core framework | Version: 1.1
Keywords: | Stage: Unreviewed
Has_patch: 0 |
----------------------------+-----------------------------------------------
The dev server can serve the static admin media file from a project
directory, which is likely if you want to modify the look of the admin.
When set to do so with directory listing allowed by
{{{'show_indexes':True}}}, an attempt to navigate the directory structure
from a browser will result in a 401 "Permission Denied" page, which is
broken when the same settings allow directory navigation of non-admin
media.
An example to reproduce the problem has settings:
{{{
SITE_ROOT = os.path.dirname(os.path.realpath(__file__))
MEDIA_ROOT = os.path.join(SITE_ROOT,'media')
MEDIA_URL='/media/'
ADMIN_MEDIA_PREFIX='/media/admin/'
}}}
and a urlconf containing:
{{{
(r'^%s(?P<path>.*)$' % settings.MEDIA_URL[1:],
'django.views.static.serve', {'document_root': settings.MEDIA_ROOT,
'show_indexes': True}),
}}}
and running the server with the command
{{{
./manage.py runserver --adminmedia=media/admin
}}}
--
Ticket URL: <http://code.djangoproject.com/ticket/12616>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
----------------------------+-----------------------------------------------
Reporter: ahebert | Owner: nobody
Status: new | Milestone:
Component: Core framework | Version: 1.1
Keywords: | Stage: Unreviewed
Has_patch: 0 |
----------------------------+-----------------------------------------------
The dev server can serve the static admin media file from a project
directory, which is likely if you want to modify the look of the admin.
When set to do so with directory listing allowed by
{{{'show_indexes':True}}}, an attempt to navigate the directory structure
from a browser will result in a 401 "Permission Denied" page, which is
broken when the same settings allow directory navigation of non-admin
media.
An example to reproduce the problem has settings:
{{{
SITE_ROOT = os.path.dirname(os.path.realpath(__file__))
MEDIA_ROOT = os.path.join(SITE_ROOT,'media')
MEDIA_URL='/media/'
ADMIN_MEDIA_PREFIX='/media/admin/'
}}}
and a urlconf containing:
{{{
(r'^%s(?P<path>.*)$' % settings.MEDIA_URL[1:],
'django.views.static.serve', {'document_root': settings.MEDIA_ROOT,
'show_indexes': True}),
}}}
and running the server with the command
{{{
./manage.py runserver --adminmedia=media/admin
}}}
--
Ticket URL: <http://code.djangoproject.com/ticket/12616>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
Jan 14, 2010, 10:42:34 PM1/14/10
to djang...@holovaty.com, django-...@googlegroups.com
#12616: dev server should not override directory listing of static media
-------------------------------------+--------------------------------------
Reporter: ahebert | Owner: nobody
Status: closed | Milestone:
Component: Core framework | Version: 1.1
Resolution: worksforme | Keywords:
Stage: Unreviewed | Has_patch: 1
Needs_docs: 0 | Needs_tests: 0
Needs_better_patch: 0 |
-------------------------------------+--------------------------------------
Changes (by ahebert):
* status: new => closed
* needs_better_patch: => 0
* needs_tests: => 0
* needs_docs: => 0
* has_patch: 0 => 1
* resolution: => worksforme
Comment:
Added a patch that fixes the problem.
--
Ticket URL: <http://code.djangoproject.com/ticket/12616#comment:1>
Django
Jan 15, 2010, 2:54:36 PM1/15/10
to djang...@holovaty.com, django-...@googlegroups.com
#12616: dev server should not override directory listing of static media
-------------------------------------+--------------------------------------
Reporter: ahebert | Owner: nobody
Status: reopened | Milestone:
Component: Core framework | Version: 1.1
Resolution: | Keywords:
Stage: Unreviewed | Has_patch: 1
Needs_docs: 0 | Needs_tests: 0
Needs_better_patch: 0 |
-------------------------------------+--------------------------------------
Changes (by ahebert):
* status: closed => reopened
Needs_docs: 0 | Needs_tests: 0
Needs_better_patch: 0 |
-------------------------------------+--------------------------------------
Changes (by ahebert):
* resolution: worksforme =>
--
Ticket URL: <http://code.djangoproject.com/ticket/12616#comment:2>
Django
Jan 15, 2010, 2:59:28 PM1/15/10
to djang...@holovaty.com, django-...@googlegroups.com
#12616: dev server should not override directory listing of static media
-------------------------------------+--------------------------------------
Reporter: ahebert | Owner: nobody
Status: reopened | Milestone:
Component: Core framework | Version: 1.1
Resolution: | Keywords:
Stage: Unreviewed | Has_patch: 1
Needs_docs: 0 | Needs_tests: 0
Needs_better_patch: 0 |
-------------------------------------+--------------------------------------
Comment (by ahebert):
Stage: Unreviewed | Has_patch: 1
Needs_docs: 0 | Needs_tests: 0
Needs_better_patch: 0 |
-------------------------------------+--------------------------------------
Replying to [comment:2 ahebert]:
I think I misunderstood the "worksforme" resolution. The patch submitted
works for me, but has not been reviewed or unit-tested, so I've re-opened.
--
Ticket URL: <http://code.djangoproject.com/ticket/12616#comment:3>
Django
Feb 9, 2010, 9:34:12 AM2/9/10
to djang...@holovaty.com, django-...@googlegroups.com
#12616: dev server should not override directory listing of static media
-------------------------------------+--------------------------------------
Reporter: ahebert | Owner: nobody
Status: closed | Milestone:
Component: Core framework | Version: 1.1
Resolution: wontfix | Keywords:
Stage: Unreviewed | Has_patch: 1
Needs_docs: 0 | Needs_tests: 0
Needs_better_patch: 0 |
-------------------------------------+--------------------------------------
Changes (by russellm):
Needs_docs: 0 | Needs_tests: 0
Needs_better_patch: 0 |
-------------------------------------+--------------------------------------
* status: reopened => closed
* resolution: => wontfix
Comment:
I'm going to mark this wontfix. The approach you're describing requires
that you have a static served copy of the admin media which the
AdminMediaHandler falls back onto in order to determine whether a
directory listing should be made visible.
What is needed here is an ability to turn on show_indexes on runserver,
but that's a sufficient edge case that I don't think it's warranted.
Let me know if I've missed some crucial use case that requires that you be
able to navigate a directory structure in a browser (as opposed to, say, a
normal file system browser)
--
Ticket URL: <http://code.djangoproject.com/ticket/12616#comment:4>
Reply all
Reply to author
Forward
0 new messages